Hello community, here is the log from the commit of package unbound for openSUSE:Factory checked in at 2016-02-24 14:25:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unbound (Old) and /work/SRC/openSUSE:Factory/.unbound.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Changes: -------- New Changes file: --- /dev/null 2016-01-27 19:41:03.648095915 +0100 +++ /work/SRC/openSUSE:Factory/.unbound.new/libunbound-devel-mini.changes 2016-02-24 14:25:20.000000000 +0100 @@ -0,0 +1,533 @@ +------------------------------------------------------------------- +Tue Feb 23 16:03:46 UTC 2016 - [email protected] + +- also conflict the shlib package + +------------------------------------------------------------------- +Mon Feb 22 15:22:05 UTC 2016 - [email protected] + +- add libunbound-devel-mini-rpmlintrc as source + +------------------------------------------------------------------- +Wed Feb 17 15:55:34 UTC 2016 - [email protected] + +- revert the previous change which would not solve the problem as + the library package requires the unbound-anchor package + instead introduce a libunbound-devel-mini package which holds the + shared library and devel files with a minimal build requires. + +------------------------------------------------------------------- +Thu Feb 4 13:01:35 UTC 2016 - [email protected] + +- split off a libunbound package with less buildrequires to + allow shorter buildcycles when built by gnutls. bsc#964346 + +------------------------------------------------------------------- +Thu Dec 10 11:48:46 UTC 2015 - [email protected] + +- update to 1.5.7 + +Features + * Fix #594. libunbound: optionally use libnettle for crypto. + Contributed by Luca Bruno. Added --with-nettle for use with + --with-libunbound-only. + * Implemented qname minimisation + +Bug Fixes + * Fix #712: unbound-anchor appears to not fsync root.key. + * Fix #714: Document config to block private-address for IPv4 + mapped IPv6 addresses. + * portability, replace snprintf if return value broken + * portability fixes. + * detect libexpat without xml_StopParser function. + * isblank() compat implementation. + * patch from Doug Hogan for SSL_OP_NO_SSLvx options. + * Fix #716: nodata proof with empty non-terminals and wildcards. + * Fix #718: Fix unbound-control-setup with support for env + without HEREDOC bash support. + * ACX_SSL_CHECKS no longer adds -ldl needlessly. + * Change example.conf: ftp.internic.net to https://www.internic.net + * Fix for lenient accept of reverse order DNAME and CNAME. + * spelling fixes from Igor Sobrado Delgado. + * Fix that malformed EDNS query gets a response without malformed EDNS. + * Added assert on rrset cache correctness. + * Fix #720: add windows scripts to zip bundle, + and fix unbound-control-setup windows batch file. + * Fix for #724: conf syntax to read files from run dir (on Windows). + And fix PCA prompt for unbound-service-install.exe. + And add Changelog to windows binary dist. + * .gitignore for git users. + * iana portlist update. + * Removed unneeded whitespace from example.conf. + * Do not minimise forwarded requests. + +------------------------------------------------------------------- +Thu Oct 15 19:31:43 UTC 2015 - [email protected] + +- update to 1.5.6 + Features + - Default for ssl-port is port 853, the temporary port assignment for + secure domain name system traffic. If you used to rely on the older + default of port 443, you have to put a clause in unbound.conf for + that. The new value is likely going to be the standardised port number + for this traffic. + - ANY responses include DNAME records if present, as per Evan Hunt's + remark in dnsop. + + Bug Fixes + - Fix segfault in the dns64 module in the formaterror error path. + - Fix manpage to suggest using SIGTERM to terminate the server. + - iana portlist update. + +------------------------------------------------------------------- +Sat Oct 10 09:31:40 UTC 2015 - [email protected] + +- ignore absence of the systemd-tmpfiles command + +------------------------------------------------------------------- +Tue Oct 6 14:21:00 UTC 2015 - [email protected] + +- update to 1.5.5 + Features + - Change default of harden-algo-downgrade to off. This is lenient + for algorithm rollover. + - Added permit-small-holddown config to debug fast 5011 rollover. + - Allow certificate chain files to allow for intermediate + certificates. (thanks Daniel Kahn Gillmor) + - Enable ECDHE for servers. Where available, use + SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations + to enable ECDHE. Otherwise, manually offer curve p256. Client + connections should automatically use ECDHE when available. + (thanks Daniel Kahn Gillmor) + - Feature --enable-pie option to that builds PIE binary. + [bugzilla: 699 ] + - Feature --enable-relro-now option that enables full read-only + relocation. [bugzilla: 700 ] + - New IPs for for h.root-servers.net. [bugzilla: 702 ] + Bug Fixes + - Fix setting forwarders with unbound-control forward implicitly + turns on forward-first. [bugzilla: 681 ] + - Fix that reload fails when so-reuseport is yes after changing + num-threads. [bugzilla: 690 ] + - please afl-gcc (llvm) for uninitialised variable warning. + - Fix mktime in unbound-anchor not using UTC. + - Fix 5011 anchor update timer after reload. + - 5011 implementation does not insist on all algorithms, when + harden-algo-downgrade is turned off. + - Document in the manual more text about configuring locally + served zones. + - Document that local-zone nodefault matches exactly and + transparent can be used to release a subzone. + - Fix that configure script does not detect LibreSSL 2.2.2 + [bugzilla: 694 ] + - Fix deadlock for local data add and zone add when + unbound-control list_local_data printout is interrupted. + - Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to + 2.6. [bugzilla: 697 ] + - changed windows setup compression to be more transparent. + - Fix config globbed include chroot treatment, this fixes reload + of globs (patch from Dag-Erling Smørgrav). + - Fix ub_ctx_set_fwd() return value mishandled on windows. + [bugzilla: 705 ] + - Fix minor error in unbound.conf.5.in. + - Fix unbound.conf(5) access-control description for precedence + and default. + - Fix unbound-control flush that does not succeed in removing + data. + - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution + failures. + - iana portlist update. +- remove manual hacks for relro,now and pie and replace them with + official configure options. + +------------------------------------------------------------------- +Fri Sep 4 13:37:38 UTC 2015 - [email protected] + +- enable event api +- enable dnstap support + +------------------------------------------------------------------- +Thu Jul 9 10:16:32 UTC 2015 - [email protected] + +- update to 1.5.4 + +Features + - [bugzilla: 644 ] harden-algo-downgrade option, if turned off, + fixes the reported excessive validation failure when multiple + algorithms are present. If set to 'no', it allows the weakest + algorithm to validate the zone. + - stats reports tcp usage, of incoming-num-tcp buffers. + - contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal + scripts. Contributed by Yuri Voinov. + - Add ip-transparent config option for bind to non-local addresses. + - Synthesize ANY responses from cache. Does not search exhaustively, + but MX,A,AAAA,SOA,NS also CNAME. + - unbound-control list_insecure command shows the negative trust + anchors currently configured, patch from Jelte Jansen. + - ratelimit feature, ratelimit: 1000, can be used to turn it on. It + ratelimits recursion effort per zone. For particular names you can + configure exceptions in unbound.conf. + - Ratelimit does not apply to prefetched queries, and + ratelimit-factor is default 10. Repeated normal queries get resolved + and with prefetch stay in the cache. + - unbound-control ratelimit_list lists high rate domains. + - caps-whitelist in unbound.conf allows whitelist of loadbalancers + that cannot work with caps-for-id or its fallback. + - RFC 7553 RR type URI support, is now enabled by default. + - cache-max-negative-ttl config option, default 3600. + - Add local-zone type inform_deny, that logs query and drops answer. + +Bug Fixes + - Unbound exits with a fatal error when the auto-trust-anchor-file + fails to be writable. This is seconds after startup. You can load a + readonly auto-trust-anchor-file with trust-anchor-file. The file has + to be writable to notice the trust anchor change, without it, a trust + anchor change will be unnoticed and the system will then become + inoperable. + - DLV is going to be decommissioned. Advice to stop using it, and + put text in the example configuration and man page to that effect. + - Patch from Brad Smith that syncs compat/getentropy_linux with + OpenBSD's version (2015-03-04). + - 0x20 fallback improved: servfail responses do not count as missing + comparisons (except if all responses are errors), inability to find + nameservers does not fail equality comparisons, many nameservers does + not try to compare more than max-sent-count, parse failures start 0x20 + fallback procedure. + - store caps_response with best response in case downgrade response + happens to be the last one. ++++ 336 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.unbound.new/libunbound-devel-mini.changes --- /work/SRC/openSUSE:Factory/unbound/unbound.changes 2015-12-13 09:40:25.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.unbound.new/unbound.changes 2016-02-24 14:25:20.000000000 +0100 @@ -1,0 +2,24 @@ +Tue Feb 23 16:03:46 UTC 2016 - [email protected] + +- also conflict the shlib package + +------------------------------------------------------------------- +Mon Feb 22 15:22:05 UTC 2016 - [email protected] + +- add libunbound-devel-mini-rpmlintrc as source + +------------------------------------------------------------------- +Wed Feb 17 15:55:34 UTC 2016 - [email protected] + +- revert the previous change which would not solve the problem as + the library package requires the unbound-anchor package + instead introduce a libunbound-devel-mini package which holds the + shared library and devel files with a minimal build requires. + +------------------------------------------------------------------- +Thu Feb 4 13:01:35 UTC 2016 - [email protected] + +- split off a libunbound package with less buildrequires to + allow shorter buildcycles when built by gnutls. bsc#964346 + +------------------------------------------------------------------- New: ---- libunbound-devel-mini-rpmlintrc libunbound-devel-mini.changes libunbound-devel-mini.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ # # spec file for package libunbound # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_without python %bcond_without munin %bcond_without hardened_build %define ldns_version 1.6.16 # Name: libunbound-devel-mini Version: 1.5.7 Release: 0 # # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version} BuildRequires: libevent-devel BuildRequires: libexpat-devel BuildRequires: openssl-devel Requires: this-is-only-for-build-envs Conflicts: unbound-devel Conflicts: libunbound2 Provides: libunbound-devel = %{version}-%{release} # Url: http://www.unbound.net/ Source: http://www.unbound.net/downloads/unbound-%{version}.tar.gz Source1: libunbound-devel-mini-rpmlintrc Source5: root.key Source6: dlv.isc.org.key # From http://data.iana.org/root-anchors/icannbundle.pem Source12: icannbundle.pem Source13: root.anchor Summary: Just a devel package for build loops License: BSD-3-Clause Group: Productivity/Networking/DNS/Servers %description Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. %prep %setup -n unbound-%version %build export CFLAGS="%{optflags}" export CXXFLAGS="%{optflags}" %configure \ --disable-rpath \ --with-libevent \ --with-pthreads \ --disable-static \ --with-ldns=%{_prefix} \ --enable-sha2 \ --enable-gost \ --enable-ecdsa \ --enable-event-api \ --enable-pie \ --enable-relro-now \ --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ --with-pidfile=%{piddir}%{name}/%{name}.pid \ --without-pythonmodule --without-pyunbound \ --with-libunbound-only \ --with-rootkey-file=%{_sharedstatedir}/unbound/root.key %{__make} %{?_smp_mflags} %install make install DESTDIR="%{buildroot}" rm -rf %{buildroot}%{_mandir} %{buildroot}%{_libdir}/*.la %check # it currently fails in the ldns unit test. which is weird as both come from the same project make check ||: %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root,-) %{_libdir}/libunbound.so.* %{_includedir}/unbound.h %{_includedir}/unbound-event.h %{_libdir}/libunbound.so %changelog ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.59GDU4/_old 2016-02-24 14:25:21.000000000 +0100 +++ /var/tmp/diff_new_pack.59GDU4/_new 2016-02-24 14:25:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package unbound # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -148,6 +148,7 @@ Requires: %{libname} = %{version} Requires: ldns-devel >= %{ldns_version} Requires: openssl-devel +Provides: libunbound-devel = %{version}-%{release} # Summary: Development files for libunbound Group: Development/Libraries/C and C++ ++++++ libunbound-devel-mini-rpmlintrc ++++++ addFilter('shlib-policy-name-error')
